Contents of this Issue

Navigation

Page 16 of 68

BUILDING A NEW DEFENSE TEAM
A
s technology draws us deeper into a new age of business
enterprise, we are continuously bombarded with waves of
challenges and opportunities involving those with malicious
intentions. These attacks come at us from every direction as the
ingenuity of these criminal minds seek new and creative ways to
infiltrate our information resources and engage in cyber warfare
against our businesses.
In order to survive these reprehensible intrusions, retailers must
fight back. We have to defend our ground and take the necessary
steps to combat the threat. This requires that we build and recruit
the resources that will help us win the battles. We must become
cyber warriors in our own right; defending our computer and
information systems against those seeking to seize and exploit the
lifeline of our business.
Hackers and like-minded mercenaries wage war using
information technology to assault our computers and
information systems through cyber-related strategies. In the
retail space we primarily have thieves looking for personally
identifiable information that can be exploited and turned into
cash. But there are other groups as well. There are groups
targeting organizations for their research-and-development
assets, intellectual property, and corporate strategies. There may
also be other motivations.
To win these wars, we must find better ways to secure our
systems by building awareness, educating our teams, finding and
closing vulnerabilities, and developing collaborative strategies to
protect our resources and defend our customers and our companies.
Our greatest opportunity to overcome these intrusions is through
a comprehensive approach that includes information sharing and
best-practice protocols that support a joint defense team. This
is a shared responsibility that will not only demand innovative
thinking, but joint cooperation throughout an organization…and
the industry. To prevail over this imposing threat to the business, we
have to work together.
A team is typically at its best when the offense and defense
work well together. LP Magazine intends to take this fight to
the offensive by providing information and resources that can
be used to support our efforts and strengthen our sentinel. In the
process we've attended multiple seminars and interviewed several
industry-leading thought leaders and cybersecurity experts to
provide a more comprehensive perspective on the subject.
The Influence of Retail
"Retail is the lifeblood of the American economy," remarked
Michael Chertoff at this June's National Retail Federation (NRF)
LP conference. "Having a safe space to operate is critical to the
successful operation of the business."
According to the U.S. Department of Labor, the retail trade
sector is the nation's largest employer, with approximately 15.3
million jobs as of May 2014. Further studies show that total retail
sales in the U.S. topped $4.53 trillion in 2013 (EMarketer.com),
representing 27 percent of nominal U.S. gross domestic product, or
GDP. While no surprise to those leading the industry, these numbers
make it quite apparent that cyber threats can not only impact the
retail sector, but can also have a substantial influence on the growth
and stability of our economy as a whole.
Chertoff, the former secretary of the U.S. Department of
Homeland Security and now the executive chairman and cofounder
of the global security advisory firm The Chertoff Group, feels that
cybersecurity issues have not received the type of front-line attention
that some of the more visible and obvious risks have obtained.
With some of the more recent incidents that have brought the issue
front and center, it is becoming increasingly clear that these types of
threats must become a business priority.
"We've seen broad exposure of systemic vulnerabilities in our
company infrastructures," Chertoff said. "Businesses are collecting
more personal information about customer preferences, locations
and behaviors, not to mention credit card numbers. Organized
groups have become very sophisticated in their efforts, using
strategies that are complex and well-planned."
Did you ever consider that something as simple as a thermostat
could leave your company vulnerable to a cyber attack? To help
keep customers comfortable and shopping at a store, it's common
for retailers to routinely monitor temperatures and energy
consumption in stores to save on costs and to alert store managers if
temperatures in the stores fluctuate outside of an acceptable range.
Often this process is completed with the assistance of an outside
service provider with specific expertise to keep the system efficient
and cost-effective. Yet this seemingly mundane, unassuming process
opened the door for access into a company's database, leading to
one of the largest, most damaging data breaches in retail history.
Whether the vulnerabilities are introduced by employee errors
or negligence, disgruntled employees, partnering companies, or
"Data security is about risk management, not risk
elimination. There has to be a strategy for managing the
risk built on realistic expectations. You have to understand
what you're facing so that you can make intelligent
decisions. There must be a full understanding of the
threat, of the consequences, and an assessment of the
company's weaknesses and vulnerabilities and how they
fit within the business." – Michael Chertoff
16
JULY - AUGUST 2014 | LPPORTAL.COM